Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Heilig Defense RansomOff
Message
<blockquote data-quote="HeiDef" data-source="post: 781367" data-attributes="member: 60542"><p>All good feedback. Definitely appreciate you taking the time to test RO and leave the comments.</p><p></p><p>I'll try to hit most of your points but there are some RTFM aspects as well. First, having all of those security programs running probably will cause an issue. Multiple kernel drivers fighting to figure out what's going on (and admittedly RO is aggressive) is asking for problems. We test RO heavily on our test systems and don't run into many of the issues that get reported. Not to say it's a perfect piece of software but like medicine, undesired interactions can occur.</p><p></p><p>Parent/child inheritance is dangerous. There are too many ways to maliciously execute a program and the parent is not a very good indicator of something being safe so inheritance is not heavily used in our analysis.</p><p></p><p>There is a HIPS setting relating to alerts on protected folders in certain circumstances but otherwise they are not meant to alert.</p><p></p><p>We'll take a look at the settings issue. That is new to us.</p><p></p><p>RE: alerts. Are you talking about HIPS alerts or actual ransomware alerts? HIPS notifications are meant to alert strictly based on observed behavior. Nothing fancy about it. Certain settings will create many alerts which is by design. If you are getting a lot of ransomware alerts, there are a variety of reasons that may be happening. In most cases, exemptions can be used to easily filter out the triggers.</p><p></p><p>RO is not signature based so it relies solely on observed behaviors. The default model it uses is based on a normal Windows machine like the kind found in managed environments. MT and Wilders users are not really the normal computer user and consequently, their systems make RO react in strange ways. Layering up on security software, third-party task managers and file browsers, running things portable and sandboxed, etc, etc. It's great from a testing point of view but there is no way that our "normal" modal will work flawlessly. However, the options RO provides means it can be tuned to work very well even in a power user environment.</p></blockquote><p></p>
[QUOTE="HeiDef, post: 781367, member: 60542"] All good feedback. Definitely appreciate you taking the time to test RO and leave the comments. I'll try to hit most of your points but there are some RTFM aspects as well. First, having all of those security programs running probably will cause an issue. Multiple kernel drivers fighting to figure out what's going on (and admittedly RO is aggressive) is asking for problems. We test RO heavily on our test systems and don't run into many of the issues that get reported. Not to say it's a perfect piece of software but like medicine, undesired interactions can occur. Parent/child inheritance is dangerous. There are too many ways to maliciously execute a program and the parent is not a very good indicator of something being safe so inheritance is not heavily used in our analysis. There is a HIPS setting relating to alerts on protected folders in certain circumstances but otherwise they are not meant to alert. We'll take a look at the settings issue. That is new to us. RE: alerts. Are you talking about HIPS alerts or actual ransomware alerts? HIPS notifications are meant to alert strictly based on observed behavior. Nothing fancy about it. Certain settings will create many alerts which is by design. If you are getting a lot of ransomware alerts, there are a variety of reasons that may be happening. In most cases, exemptions can be used to easily filter out the triggers. RO is not signature based so it relies solely on observed behaviors. The default model it uses is based on a normal Windows machine like the kind found in managed environments. MT and Wilders users are not really the normal computer user and consequently, their systems make RO react in strange ways. Layering up on security software, third-party task managers and file browsers, running things portable and sandboxed, etc, etc. It's great from a testing point of view but there is no way that our "normal" modal will work flawlessly. However, the options RO provides means it can be tuned to work very well even in a power user environment. [/QUOTE]
Insert quotes…
Verification
Post reply
Top